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DETAILED ACTION 

This office action is in response to amendments, remarks and request for reconsideration 
filed on August 17, 201 1. The remarks and amendments filed have been entered and made of 
record. Claims 29-30, 32, 34-36, 38-43 45-48 and 50-58 are pending. 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth 
in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 
1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn 
pursuant to 37 CFR 1. 1 14. Applicant's submission filed on August 17, 201 1 has been entered 

Response to Arguments 

Applicant's arguments filed on August 17, 201 1 have been fully considered but they are 
not persuasive because of the following reasons and newly applied art Hearn et al. (WO 
03/003242): 

Applicant's arguments filed on October 2, 2009 have been fully considered but they are not 
persuasive because of the following reasons: 
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Regarding Claims 29 applicants argued, that system of cited prior arts (CPA) [Thibadeau 
U. S. Patent 7,036,020 and Hearn et al. (WO 03/003242).] does not disclose or teach "selectively 
blocking access to operating system data and instead of writing the changes to the operating 
system files in the security partition as targeted by the requests, writes the changes to a location 
different than the security partition". 

The system of cited prior art teaches a system and method for promoting security 
method in computer system that involves partitioning portion of storage device to form security 
partition and limiting access to portion of storage device by operating system of computer. In 
that system a portion of storage device is partitioned to form a security partition, which has an 
authority record and data set associated with the authority record. An access to security partition 
of storage device is limited by the installed operating system of computer. Thibadeau :( Fig. 1-4, 
col.4 line 37 to col.6 line 16). While Hearn teaches and describe a blocking unit (Fig.l item 25 
and Fig. 2) configured for host CPU to impose and continuously maintain the requisite level of 
data access to security partition for users effecting the data access in accordance with the 
particular data access profile, regardless of subsequent operations of the CPU (Hearn: Fig. 1 Item 
35, Fig.2 and page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As a result, cited prior art does implement and teach a system that relates to securing 
access in a computer system. Therefore, the examiner asserts that cited prior art does teach or 
suggest the subject matter broadly recited in independent Claims and in subsequent dependent 
Claims. Accordingly, rejections for claims 29-30, 32, 34-36, 38-43 45-48 and 50-58 are 
respectfully maintained. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 29-30, 32, 34-36, 38-43 45-48 and 50-58 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Thibadeau U. S. Patent 7,036,020 and further in view of Hearn et al. 
(WO 03/003242). 

2. Regarding Claim 29, Thibadeau teaches and describes a security system for securing 
access to an operating system of a computer having at least a host central processing unit (CPU), 
a memory used by the host CPU to load programs from the operating system in order to operate 
the computer, a storage device for storing data to be used by the computer, and a chain of 
components connecting the CPU to the storage device, the security system comprising: 
a security partition formed in the storage device, the operating system of the computer being 
stored in the security partition; and a security device comprising a hardware processor or 
controller for intercepting communications and selectively blocking access to operating system 
data between the host CPU and the security partition; wherein the security device is deployed 
along the chain of components that connect the host CPU to the storage device; wherein the 
security device's processor or controller is distinct from the host CPU; and wherein during 
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operation of the operating system the security device is arranged to: intercept requests to write 
changes to operating system files in the security partition; in response to the requests, instead of 
write the changes to the operating system files in the security partition as targeted by the 
requests, write the changes to a location different than the security partition; and cause normal 
operation of the operating system to continue without writing the changes to the operating 
system files in the security partition (Fig. 1-4, col.4 line 37 to col. 6 line 16). 

Although the system disclosed by Thibadeau shows all the features of the claimed 
limitation, but Thibadeau does not specifically disclose security device processor controller for 
selectively blocking access to operating system data between CPU and the security partition. 

In an analogous art, Hearn, on the other hand, discloses a security device comprising a 
hardware processor or controller for intercepting communications and selectively blocking 
access to operating system data between the host CPU and the security partition, wherein the 
security device is deployed along the chain of components that connect the host CPU to the 
storage device, wherein the security device's processor or controller is distinct from the host CPU 
[Fig.l Item 35, Fig.2 and page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8]. 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of 
invention to combine the teachings of Thibadeau and Hearn, because Hearn method security 
device would not only promote further security structure and control in the system of Thibadeau 
during receiving data from user or devices but will also provide safeguards and imposing 
requisite level of data access to security partition for users from unauthorized access and misuse 
(page 35 line 28 to page 36 line 8). 
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3. Regarding Claim 42, Thibadeau teaches and describes a method for securing access to an 
operating system of a computer, comprising: forming a security partition in the storage device; 
storing the operating system of the computer in the security partition; loading operating system 
data from the operating system into a random access memory; using one or more host central 
processing units (CPUs)to execute programs in the operating system based on the operating 
system data loaded into the random access memory; intercepting communications and selectively 
blocking access to operating system data between the host CPUs and the security partition at a 
security device deployed along the chain of components connecting the host CPUs to the storage 
device, wherein the security device operates independent of the host CPU; and intercepting, at 
the security device, requests to write changes to operating system files in the security partition; in 
response to the requests, instead of writing the changes to the operating system files in the 
security partition as targeted by the requests, the security device writing the changes to a location 
different than the security partition; and 

the security device causing normal operation of the operating system to continue without 
writing the changes to the operating system files in the security partition (Fig. 1-4, col.4 line 37 to 
col. 6 line 16). 

Although the system disclosed by Thibadeau shows all the features of the claimed limitation, but 
Thibadeau does not specifically disclose security device processor controller for selectively 
blocking access to operating system data between CPU and the security partition. 

In an analogous art, Hearn, on the other hand, discloses a security device comprising a 
hardware processor or controller for intercepting communications and selectively blocking 
access to operating system data between the host CPU and the security partition, wherein the 
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security device is deployed along the chain of components that connect the host CPU to the 
storage device, wherein the security device's processor or controller is distinct from the host CPU 
[Fig.l Item 35, Fig.2 and page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8]. 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of 
invention to combine the teachings of Thibadeau and Hearn, because Hearn method security 
device would not only promote further security structure and control in the system of Thibadeau 
during receiving data from user or devices but will also provide safeguards and imposing 
requisite level of data access to security partition for users (page 35 line 28 to page 36 line 8). 

4. Claims 30, 32, 34-36, 38-41, 43, 45-48 and 50-54 are rejected applied as above rejecting 
Claims 29, and 42. Furthermore, the system of Thibadeau and Hearn teaches and describes a 
system and method for securing access to an operating system of a computer, wherein: 

As per Claim 30, each user of the computer has an associated access profile, each access 
profile comprising information indicative of the level of access to portions of the storage device 
permitted by a user, and the security device controlling access to the storage device by a user in 
accordance with the access profile associated with the user (col. 6 line 55 to col. 8 line 35 and 
Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 32, said security device is independent and separately configurable of said 
host CPU (col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to 
page to page 17 line 8). 
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As per Claim 34, the location different than the security partition is at least a portion of a 
flash ROM (Fig. 1-4, col.4 line 37 to col.5 line 50 and Hearn: page 15 line 2 to line 8, page 5 line 
24 to page to page 17 line 8). 

As per Claim 35, the location different than the security partition is at least a portion of 
an invisible partition formed in the storage device invisible partition formed in the storage device 
(col.5 line 15 to col. 6 line 16). 

As per Claim 36, further comprising authentication means for authenticating a user of the 
computer and associating the user with a prescribed access profile, said security device 
controlling subsequent access to the security partition in accordance with the access profile 
associated with the user (col. 6 line 55 to col. 8 line 35 and Hearn: page 15 line 2 to line 8, page 5 
line 24 to page to page 17 line 8). 

As per Claim 38, said blocking means is configured to block all access by the host CPU 
to the storage device before initialisation of the security system, and to selectively permit access 
immediately after said initialisation in accordance with a respective access profile (col. 6 line 55 
to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 39, said authentication means enables a software boot of the computer to be 
effected only after correct authentication of a user, and said security system permits normal 
loading of the operating system during the start up sequence of the computer following said 
software boot (col.6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to 
page to page 17 line 8). 

As per Claim 40, said security device is a security device physically deployed between an 
interface adapter and the storage device within a data access channel of the chain of components 
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connecting the host CPU and the storage device (col.4 line 37 to col.6 line 16 and Hearn: page 15 
line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 41, said security device is integrated in a bridging circuit within the chain 
of components connecting the host CPU and the storage device or within the storage device 
(Fig. 1-4, and col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to 
page to page 17 line 8). 

As per Claim 43, further comprising associating each user with an access profile 
comprising information indicative of the level of access to portions of the storage device 
permitted by a user; and for each user, selectively blocking access between the host CPU and the 
security partition in accordance with the access profile defined for the user (col. 5 line 25 to col.6 
line 16, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 45, further comprising authenticating a user of the computer, and 
associating the user with an access profile after successful user authentication (col.5 line 15 to 
col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 46, said selective blocking comprises controlling access between the host 
CPU and the security partition independently of the host CPU (col.4 line 37 to col.6 line 16 and 
Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 47, said selective blocking comprises totally blocking access to the storage 
device by the host CPU during initialisation of the computer, and intercepting all said access 
immediately after said initialisation and before loading of the operating system of the computer 
(col.6 line 55 to col.8 line 35, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 
17 line 8)). 
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As per Claim 48, including performing a software boot of the computer only after correct 
authentication of the user, and allowing normal loading of the operating system during the start 
up sequence of the computer after said software boot (col. 6 line 55 to col.8 line 35 and Hearn: 
page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 50, to location different than the security partition is at least a portion of 
flash ROM in the security device (Fig. 1-4, col.4 line 37 to col. 5 line 50 and Hearn: page 15 line 
2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 51, the location different than the security partition is at least a portion of 
an invisible partition formed in the storage device (Fig. 1-4, col.4 line 37 to col. 6 line 16 and 
Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 52.including unalterably storing computer programs for effecting said 
controlling access in a location separate from the memory and not addressable by the host CPU 
(Fig. 1-4, and col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to 
page to page 17 line 8). 

As per Claim 53, the security device is a dedicated hardware device comprising a 
dedicated CPU for processing the intercepted communication and, based on the intercepted 
communications, determining whether to block data access between the host CPU and the 
security partition (col.4 line 45 to line 65, and col. 9 line 13 to line 22, and Hearn: page 15 line 2 
to line 8, page 5 line 24 to page to page 17 line 8)). 

As per Claim 54, the security device is integrated into a bridging circuit comprising logic 
for processing the intercepted communications and, based on the intercepted communications, 
determining whether to block data access between the host CPU and the security partition (col.4 
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line 45 to line 65, and col. 9 line 13 to line 22, and Hearn: page 15 line 2 to line 8, page 5 line 24 
to page to page 17 line 8). 

As per Claim 55, the security device is arranged to divert to the scratch location write 
operations to the security partition requested by a first user, but permit performance of write 
operations to the security partition requested by a second user (col. 5 line 25 to col. 6 line 16 and 
Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8). 

As per Claim 56, the security device is further configured to erase the changes written to 
the scratch location without the changes having been written to the operating system files 
targeted by the requests (col.5 line 25 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 
line 24 to page to page 17 line 8). 

As per Claim 57, further comprising diverting to the scratch location write operations to 
the security partition requested by a first user, but permitting performance of write operations to 
the security partition requested by a second user (col.5 line 25 to col.6 line 16 and Hearn: page 
15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).. 

As per Claim 58, further comprising erasing the changes written to the scratch location 
without the changes having been written to the operating system files targeted by the requests 
(col.5 line 25 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 
17 line 8). 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan J. Flynn can be reached on571-272-1915. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



sz 

October 9, 2011 
/Syed Zia/ 

Primary Examiner, Art Unit 243 1 



